Lucene search
HistoryJan 02, 2023 - 10:15 p.m.
CVE-2022-3860
visual email designer
woocommerce wordpress
sql injection
vulnerability
parameter sanitization
author role
CVSS3
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS
0.001
Percentile
38.1%
The Visual Email Designer for WooCommerce WordPress plugin before 1.7.2 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as author.
Affected configurations
Node
smackcodersvisual_email_designer_for_woocommerceRange<1.7.2wordpress
| Vendor | Product | Version | CPE |
|---|---|---|---|
| smackcoders | visual_email_designer_for_woocommerce | * | cpe:2.3:a:smackcoders:visual_email_designer_for_woocommerce:*:*:*:*:*:wordpress:*:* |
Related
wpexploit
wpexploit
Visual Email Designer for WooCommerce < 1.7.2 - Multiple Author+ SQLi
2022-12-09 00:00:00
wpvulndb
wpvulndb
Visual Email Designer for WooCommerce < 1.7.2 - Multiple Author+ SQLi
2022-12-09 00:00:00
cvelist
cvelist
cve
cve
CVE-2022-3860
2023-01-02 22:15:15
prion
prion
Sql injection
2023-01-02 22:15:00
CVSS3
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS
0.001
Percentile
38.1%
Related for NVD:CVE-2022-3860